- dummy
static_source:
- boott.debian.org
+ - casulana.debian.org
- coccia.debian.org
- dillon.debian.org
- donizetti.debian.org
- porta.debian.org
onionbalance:
- olin.debian.org
- experimental_apache:
- - cgi-grnet-01.debian.org
- - pejacevic.debian.org
- - petrova.debian.org
bgp:
- mirror-bytemark.debian.org
- mirror-conova.debian.org
- storace.debian.org
debconf_wafer:
- debussy.debian.org
+ apache_not_public:
+ # Hosts that run apache but where it should not be open to the internet by
+ # default
+ - casulana.debian.org
+ cdbuilder_local_mirror:
+ - casulana.debian.org
ensure => installed,
}
- if $::hostname in [beach,buxtehude,picconi,pkgmirror-csail] {
- include apache2::dynamic
- } else {
- @ferm::rule { 'dsa-http':
- prio => '23',
- description => 'Allow web access',
- rule => '&SERVICE(tcp, (http https))'
+ if (! has_role('apache_not_public')) {
+ if $::hostname in [beach,buxtehude,picconi,pkgmirror-csail] {
+ include apache2::dynamic
+ } else {
+ @ferm::rule { 'dsa-http':
+ prio => '23',
+ description => 'Allow web access',
+ rule => '&SERVICE(tcp, (http https))'
+ }
}
- }
- @ferm::rule { 'dsa-http-v6':
- domain => '(ip6)',
- prio => '23',
- description => 'Allow web access',
- rule => '&SERVICE(tcp, (http https))'
+ @ferm::rule { 'dsa-http-v6':
+ domain => '(ip6)',
+ prio => '23',
+ description => 'Allow web access',
+ rule => '&SERVICE(tcp, (http https))'
+ }
}
exec { 'service apache2 reload':
}
}
- if has_role('experimental_apache') {
- $dbdosuites = [ 'debian-all', $::lsbdistcodename, 'jessie-apache2' ]
- } else {
- $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
- }
+ $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
site::aptrepo { 'db.debian.org':
url => 'http://db.debian.org/debian-admin',
suite => $dbdosuites,
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=ttyS0,115200"
<%- elsif %w{conova-node01 conova-node02}.include?(@hostname) then -%>
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=ttyS0,115200 earlycon"
-<%- elsif %w{storace fasolo klecker clementi czerny}.include?(@hostname) then -%>
+<%- elsif %w{storace fasolo klecker clementi czerny casulana}.include?(@hostname) then -%>
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=tty0 console=ttyS1,115200n8"
<% else -%>
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=tty0 console=ttyS0,115200n8"
--- /dev/null
+class roles::cdbuilder_local_mirror {
+ include apache2
+
+ $apache_addr = "172.29.103.1"
+ $vhost_listen = "${apache_addr}:80"
+
+ apache2::site { '010-local-mirror.cdbuilder.debian.org':
+ site => 'local-mirror.cdbuilder.debian.org',
+ content => template('roles/apache-local-mirror.cdbuilder.debian.org.erb'),
+ }
+
+ file { "/etc/apache2/ports.conf":
+ require => Package['apache2'],
+ content => @("EOF"),
+ # This file is maintained by puppet
+ Listen 127.0.0.1:80
+ Listen $vhost_listen
+ | EOF
+ notify => Service['apache2']
+ }
+}
if has_role('debconf_wafer') {
include roles::debconf_wafer
}
+
+ if has_role('cdbuilder_local_mirror') {
+ include roles::cdbuilder_local_mirror
+ }
}
ssl::service { 'backports.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true, }
ssl::service { 'bits.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true, }
ssl::service { 'blends.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true, }
+ ssl::service { 'cdbuilder-logs.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true }
ssl::service { 'd-i.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true }
ssl::service { 'deb.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true }
ssl::service { 'dpl.debian.org' : ensure => "ifstatic", notify => Exec['service apache2 reload'], key => true }
onion::service { 'backports.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
onion::service { 'bits.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
onion::service { 'blends.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
+ onion::service { 'cdbuilder-logs.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
onion::service { 'incoming.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
onion::service { 'incoming.ports.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
onion::service { 'lintian.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
master: dillon.debian.org
source: wuiet.debian.org:/srv/buildd.debian.org/ftp-archive/archive
limit-mirrors: [ 'klecker.debian.org', 'senfter.debian.org' ]
+ cdbuilder-logs.debian.org:
+ master: dillon.debian.org
+ source: casulana.debian.org:/srv/cdbuilder.debian.org/dst/deb-cd/log
10years.debconf.org : { master: 'dillon.debian.org', source: 'dillon.debian.org:/srv/debconf-webpages/web/10years.debconf.org' }
debconf0.debconf.org : { master: 'dillon.debian.org', source: 'dillon.debian.org:/srv/debconf-webpages/web/debconf0.debconf.org' }
debconf1.debconf.org : { master: 'dillon.debian.org', source: 'dillon.debian.org:/srv/debconf-webpages/web/debconf1.debconf.org' }
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<VirtualHost <%= @vhost_listen %>>
+ ServerAdmin debian-admin@debian.org
+ ServerName local-mirror.cdbuilder.debian.org
+ ServerAlias security.debian.org
+ ServerAlias deb.debian.org
+ AddCharset UTF-8 .txt
+
+ ErrorLog /var/log/apache2/local-mirror.cdbuilder.debian.org-error.log
+ CustomLog /var/log/apache2/local-mirror.cdbuilder.debian.org-access.log privacy
+
+ Use ftp-archive /srv/mirrors/debian
+ Alias /debian/ /srv/mirrors/debian/
+
+ Use ftp-archive /srv/mirrors/debian-security
+ Alias /debian-security/ /srv/mirrors/debian-security/
+
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+</VirtualHost>
+
+# vim:set syn=apache:
vhost(lines, "onion.debian.org" , :ssl => true)
vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
vhost(lines, "planet.debian.net")
+vhost(lines, "cdbuilder-logs.debian.org" , :ssl => true)
vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
vhost(lines, "micronews.debian.org" , :ssl => true)
%backports FTPHOSTS,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
%bootstrap boott=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
+debian-cd casulana=(staticsync) NOPASSWD: /usr/local/bin/static-update-component cdbuilder-logs.debian.org
lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org